The Las Vegas Sands. The Wall Street Journal. Microsoft Corporation. What could these three companies possibly have in common? Try China. Each is being investigated by the SEC and the Department of Justice for violations of the Foreign Corrupt Practices Act (FCPA).

Last year the Sands disclosed that it was being investigated. It received a subpoena from the SEC in February, 2011 and was advised that DOJ was investigating as well. Some allegations that have come to light are that Sheldon Adelson, the head of the Sands, instructed a top executive to pay about $700,000 in legal fees to aMacaulegislator whose law firm was outside counsel to the Sands. As a result of the government’s investigation the Sands authorized its independent Audit Committee to look into the matter and it recently released its preliminary report. The internal investigation is ongoing.

Also last year, the DOJ opened an investigation into allegations of bribery in Chinaby the Wall Street Journal. The WSJ also embarked on its own internal investigation which is close to finished.

Finally, a news story broke this week that Microsoft Corp. is being investigated as a result of allegations of potential bribery by employees in China (as well as inRomania and Italy). This is such a new story that Microsoft has not yet begun its investigation.

Three different stories with the same tag line, all within the month of March, 2013. So far it seems as if this is the year of the FCPA, even though, in fact, FCPA cases have declined over the last two years. All three of these investigations were prompted by whistleblowers of one type or another. How did each company react and which reaction would appear to best serve its corporate interests?

First, the Sands. To its credit the Audit Committee found that there was a likely violation of the books and records and internal controls provisions of the FCPA and this was reported in the Company’s form 10-K filed with the SEC. But the 10-K went on to say in a rather self-serving way that the Company has improved its practices with respect to books and records and internal controls. It also states that the preliminary findings do not have a material impact on the financial statements of the Company, do not warrant a restatement of previous financial statements and do not represent a material weakness in the Company’s internal controls over financial reporting as of December 31, 2012.

The Wall Street Journal investigation is part of a much larger DOJ criminal investigation into the News Corporation, WSJ’s parent company, related to revelations that its British newspapers hacked phones and bribed officials in order to obtain information for articles. As part of the overall internal investigation, the Chinese allegations were thoroughly reviewed. The WSJ found no evidence to support the claim or any impropriety, and maintains that the informant is most likely a government official seeking to disrupt or retaliate against the WSJ for reporting on Chinese leadership corruption. It is not clear that DOJ has closed the matter.

Microsoft’s matter is new. But its response to the news report that it is being investigated was straight forward. It said that the matters raised were important and that allegations of bribery should be reviewed byU.S.agencies and its own compliance unit. A spokesperson said that allegations of this nature arise from time to time, that it is possible that sometimes an individual employee or business partner may violate the Company’s policies or break the law, and that its responsibility is to train its employees, build a system to prevent and detect violations, and to investigate allegations and take appropriate action.

What can we learn about crisis communication from these three stories. The Sands reaction leaves something to be desired. While it is admirable to admit that the company may have violated the law it is presumptuous and self-serving to draw conclusions that basically are up to the government. The SEC and DOJ may have a hard time swallowing the Sands’ conclusions. It would have been far better to state that it is cooperating with the agencies to resolve all issues and reach determinations that will not have far reaching consequences to the Company.

If we take the WSJ’s comments at face value, there is no reason not to aggressively maintain one’s innocence. Yet, it might have been better to acknowledge more clearly that DOJ had not yet signed off on the WSJ’s findings and that the WSJ was working with DOJ to conclude the matter. Instead in a buried paragraph in its own story it states that it is unclear whether the Justice Department considers the matter resolved or still open.

The Microsoft reaction is the best. It is the most honest and direct and states the facts of corporate life: We know our responsibility. We do our very best. Occasionally, a bad apple may slip through. Crisis communication does require that a company assess and anticipate the concerns of stakeholders. Good judgment is needed to walk that fine line between allaying those concerns, and acting appropriately and respectfully to those who have control over the outcomes of your investigations.

The head in the sand approach to solving problems is not uncommon in everyday life. The concept of not getting involved has become more rapidly adopted by our citizenry. People readily subscribe to the maxim: The less involved you are the better off you are. It is also not uncommon in business situations, including at the very top positions. More and more CEO’s and other executives wish to insulate themselves and not sully their hands with messy issues, instead of solving them which is what they are paid to do.

When an organization’s leadership wishes to maintain clean hands instead of confronting crises, the can is kicked down the road or left to those who do not have the authority, knowledge, or responsibility to handle. The result is often a rudderless ship, compounded problems for the organization, and a CEO who either throws other people under the bus or is made to resign leaving a bleeding hulk of a company.

Take the case of the British Broadcasting Corporation. For many years a popular, long-time host at BBC, Jimmy Savile, was suspected of sexually abusing young people, sometimes even at the premises of the BBC. The company recently came under blistering attack when it was learned that an investigation of Savile had been cancelled by the editor of BBC’s Newsnight program last year. Newsnight is an important current affairs program of the BBC. Mark Thompson, the BBC’s Director General until a few months ago claims to have had no knowledge of the accusations against Savile although there were many opportunities to delve into the matter if he chose to do so.

Another recent example is Stephen Green, now Lord Green. Lord Green became chief executive of HSBC in June 2003 and was appointed chairman in 2006. In December of 2012 HSBC entered into a Deferred Prosecution Agreement with the Department of Justice (DOJ), criminal money laundering activities and agreeing to pay fines and penalties totaling $1.9 billion. According to the Huffington Post, in 2005 Green was also made aware of the bank’s alleged ties with “rogue” regimes in theMiddle East. A US Senate investigation released internal emails showing how in the same year Lord Green was warned by an internal whistleblower in the bank’sMexicosubsidiary that compliance staff had “fabricated records”. He was also told in 2008, two years after being appointed executive chairman, that the Mexican authorities had uncovered evidence of money laundering that “may imply criminal responsibility of HSBC”.

Often, top management wishes to be insulated from bad decisions already made, and hard decisions that need to be made, even with the knowledge that, more often than not, the buck stops with them and severe harm can come to the company.

A CEO and his/her lieutenants are charged with monitoring the ship as a captain of a vessel or plane would. Rectifying what is wrong is a vital part of the job. Time does not absorb and dissolve bad decisions or situations. It only heightens the culpability of the parties who either made no attempt to rectify, or tried to white-wash them. Recently the DOJ and the SEC jointly released its 120 page Resource Guide to the Foreign Corrupt Practices Act (FCPA) which essentially prohibits and makes criminal the bribery of foreign officials. The Act was first passed in 1977, was amended a couple of times. The Guide explains what the DOJ and the SEC look for when it investigates, including the conduct of company when it learns of violations and the remedial steps which are taken to correct violations.

The FCPA states that it shall be unlawful for a company or its officers or directors to offer to pay, pay, promise to pay or authorize the payment of any money, gift or anything of value to foreign officials, or a foreign political party or official thereof, or foreign political candidate including to any person while knowing that all or a portion of such money or thing of value will be offered, given or promised, directly or indirectly to any foreign official, foreign political party or official thereof or foreign political candidate for the purpose of influencing any act or decision of such official, inducing any act in violation of the official’s duty or securing any improper advantage.

The Guide states that Congress meant not only “to impose liability on those with actual knowledge of wrongdoing, but also on those who purposefully avoid actual knowledge” and quotes H.R. Conf. Rep. No.100-576, at 920 (1988):

deliberate ignorance” – should be covered so that management officials

could not take refuge from the Act’s prohibitions by their unwarranted obliviousness to any action (or inaction), language

or other “signaling devise” that should reasonably alert them of the “high probability” of an

FCPA violation.

It is very likely that in the future the DOJ will adopt various theories expounded in the Guide to other criminal prosecutions besides those arising from the FCPA. For example, in December, 2012, in the highly publicized HSBC money laundering case, the DOJ imposed its FCPA risk based guidelines to the bank’s flawed country risk-rating methodology. It is only a matter of time before we see the “head in the sand” approach to management come under significant direct attack.

Thus, it is time for boards of directors to insist that top management take full responsibility to right the wrongs of their organizations. It is incumbent on top management, and lower levels in turn, to clarify lines of responsibility and authority, to define the values of their organizations, to impose clear lines of accountability and to review regularly issues that arise. Confronting and solving problems is a big part of the job. Basking in increased sales, profitability and market share at the expense of ignoring core issues is a dangerous path that has often set back businesses several years and cost, or should have cost some CEO’s their jobs.

The New York Times editorialized that “It is a dark day for the rule of law” when it was announced in mid-December that British bank HSBC would pay $1.9 billion in forfeitures and penalties, but would avoid criminal prosecution for laundering Mexican drug cartel money and engaging in prohibited transactions with Libya, Iran, Burma, Sudan and Cuba,. Instead HSBC Holdings, plc, HSBC North America Holdings, Inc. and HSBC Bank USA (together referred to as “HSBC” or “the bank”) entered into a Deferred Prosecution Agreement (DPA) that requires the bank to clean up its act. The prosecution is deferred for five years and requires a neutral monitor. If the bank conducts itself responsibly, there is no prosecution. None of its executives were cited.

In 2003 the Federal Reserve ordered HSBC to police itself better for suspicious money flows. HSBC efforts not only failed, but since 2005 the bank violated the Bank Secrecy Act and otherU.S.laws on a large scale. It ignored massive transactions, including bulk cash and banknote activities, failed to establish or follow review procedures, and created seriously flawed risk assessment policies and procedures. HSBC executives and employees in its money laundering and compliance division were found to be incompetent. Worse, HSBC failed to generate or did not review its own anti-money laundering alerts or create and report suspicious activity reports (SARs) toU.S.authorities. The Federal Reserve, the Office of Foreign Assets Control, the Office of the Comptroller of the Currency and the Senate Permanent Subcommittee on Investigations all investigated HSBC for similar activities.

Undoubtedly there was criminal activity. Lanny Breuer, assistant Attorney General, explained that HSBC was being held responsible “for a stunning failure of oversight and worse”. Worse for sure given DOJ’s own investigation. The Statement of Facts which is incorporated into the DPA is damning. HSBC stipulates that the information contained in the Statement is true and accurate. The Statement runs thirty pages and is rife with allegations against and admissions by HSBC. For example, DOJ alleges and HSBC BankUSAadmits that it violated the Bank Security Act that makes it a crime to willfully fail to establish due diligence for foreign correspondent accounts.

DOJ deemed that the criminal Information it filed, without the accompanying Deferred Prosecution Agreement (DPA) would have been too disruptive, that in effect, HSBC and its subsidiaries were too big to fail. If that is the case, how effective is the DPA? While Breuer claims that it is a “sword of Damocles right over HSBC”, if the Bank is too big to be prosecuted now, it will be just that much bigger five years from now and DOJ will be even less willing to take decisive action if HSBC violates the DPA.

U.S.attorney Loretta Lynch stated that HSBC cooperated “immediately and extensively” and this was taken into account in deferring criminal prosecution. But that is not the case. HSBC has a paper trail, a track record that leads back to 2003. Nothing so far has seemed to work to get HSBC into line, and there are no concrete indications from insiders that this time it will be different.

There is some published speculation that Treasury and/or the Office of the Comptroller of the Currency put some pressure on DOJ to stop short of criminal prosecution in order to avoid significant disruption in the financial markets and perhaps to the world economy. Some say that HSBC would have been damaged, even “destroyed”, but there have been no specifics. This may merely be a bogeyman to convince the public that DOJ avoided a financial disaster. At the very least, DOJ could have wrung out criminal admissions from HSBC Mexico. This may have satisfied some. In the DOJ case against UBS for Libor manipulation the UBS Japanese subsidiary pleaded guilty to one criminal count of fraud. Looking at the bigger picture, the HSBC affair was an opportunity to fight the concept of “too big to fail”. Perhaps HSBC would have had to sell off some of itsU.S.banking operations, or even all of it. 25% of its total assets are located in theAmericasso we can assume thatU.S.assets account for less. It would not have been the end of HSBC. It is already selling assets in countries where it cannot compete and is in the process of eliminating a significant number of jobs.

HSBC is a behemoth As of mid-2012 HSBC was the world’s third largest bank, and had the second largest market capitalization on the London Stock Exchange. It was founded only in 1991 by the Hong Kong and Shanghai Banking Corporation which then enabled it to acquireUKbased Midland Bank. It remains the largest bank in Hong Kong and is now the largest international bank inChina. A guilty plea by HSBC in this case might have had serious consequences, but it would have survived in one form or another. For theU.S.government to essentially conspire with HSBC for the bank to remain “too big” is not in the best interests of theU.S.legal system, theU.S.banking system or the world banking system. Such failure to fully enforce the statutes of theU.S.rightfully brings on criticism of our justice system. This was an opportunity to start whittling away at bigness, to begin to stop the tail wagging the dog. It was an opportunity lost.

Finally, in the UBS case, two traders were also charged with taking part in the scheme to manipulate Libor rates. It seems incredible that, at the very least, given the seriousness of the crimes committed at HSBC, that not one executive has been indicted. The Statement of Facts is riddled with the admitted words “knowingly” and “willfully”. What prosecutor, left to his/her own devices, wouldn’t love to have this case. These crimes were committed by individuals. DOJ investigations have been ongoing for several years. Surely a name or two has popped up. When asked whether there may be criminal cases brought against individual HSBC bankers, assistant AG Breuer said “There may be , but there may not be”. Let’s hope he’s merely playing coy because if no individual indictments are forthcoming it will be a travesty of justice. And Breuer has the weapons. The DPA provides that HSBC is obligated to use its good faith efforts to make available to DOJ at the bank’s expense all current and former executives, employees, directors and consultants, and further to provide any information, materials, documents, databases, etc, requested by the Department. There is no protection against prosecution for conduct that HSBC did not disclose prior to the DPA, and there is no protection against prosecution of any current or former officer, director, employee, agent or consultant for any violations committed by them, including conduct described in the Statement of Facts. These provisions in the DPA give the DOJ wide latitude to continue its investigation and take whatever action it deems necessary in its pursuit of justice. Obviously it is not necessary, as the assistant AG has stated, that any individual still be employed at HSBC. And it is not necessary that any individual be complicit with its customers in drug or terrorist activities. It is enough that acts were willfully perpetrated that are statutorily deemed criminal offenses. The Bank Secrecy Act, for example, provides for heavy penalties for individuals and institutions that fail to file SARs, currency transaction reports and money instrument logs. Penalties include heavy fines and prison sentences.

In order for DOJ to redeem itself it is clear that additional action needs to be taken. This may have to wait until the cast of characters inWashingtonchanges. The viewpoint of Treasury may certainly change when there is a new Secretary of the Treasury. Additionally, if the U.K does not remain silent about former executives who were active at HSBC during the times in question, our government may gain more courage. Take for example Stephen Green, now Lord Green. Lord Green became chief executive of HSBC in June 2003 and was appointed chairman in 2006. According to the Huffington Post, in 2005 he was made aware of the bank’s alleged ties with “rogue” regimes in theMiddle East. The US Senate investigation released internal emails showing how in the same year Lord Green was warned by an internal whistleblower in the bank’sMexicosubsidiary that compliance staff had “fabricated records”. He was also told in 2008, two years after being appointed executive chairman, that the Mexican authorities had uncovered evidence of money laundering that “may imply criminal responsibility of HSBC”.

There is little question that the HSBC affair has left DOJ with a black mark against it. The DPA provides adequate remedies to monitor closely the activities of HSBC over the next five years and to take direct and effective action in case the DPA is violated. The DOJ also has the power to continue its investigation of individuals and to receive the cooperation of HSBC. If and when criminal activities are uncovered DOJ has the power and authority, and hopefully the will, to prosecute to the fullest extent of the law. It should take advantage of this opportunity in order to void the current impression that justice in this country is applied selectively.

Last week I read that Michael Mendes formally resigned from Diamond Foods Inc. Mendes worked for Diamond most of his working life, serving as President and CEO from 1997 and adding the title of Chairman in 2010. Then at the beginning of 2012 he was placed on administrative leave after an accounting impropriety was discovered involving payments to walnut growers, which artificially inflated financial results of the company.

The shift in payments must have been whoppers because they necessitated the restatement of 2010 and 2011 profits. As a result it appears that Diamond has lost its deal to purchase the Pringles brand from P&G, which was to have been an all stock transaction

It is not uncommon for companies to manipulate numbers to look good. It is also not a surprise to find that those at the top may not have been in the know. As a result of such an “event” a CEO will clean house, heads will roll and internal accounting measures tightened. But here it look like the perpetrators may have been those at the very top, including Steven Neil, the former CFO, who was also placed on leave. Why else would Mendes and Neil have been placed on administrative leave? Why else would Mendes repay $2.7 million in bonuses he received for 2010 and 2011, and return shares awarded to him in 2010. He leaves with a net retirement balance after repayment of bonuses, and will not be granted any severance.

In his wake, Diamond Foods is stuck with a share price that has plummeted 60%, a lot of angry shareholders who are ratcheting up class action suits against the company, and ongoing Department of Justice and SEC investigations. That’s quite a trail to leave behind.

The Board should be commended. In the face of a serious crisis it took decisive action. There was no attempt to white-wash the situation or cover for Mendes. Crisis management oftentimes means nothing more than biting the bullet and facing problems head-on. In this case the Board has taken steps to tighten its internal controls and has cleaned house. But in my view it has done more than that. Too often the guy who screws up, especially if he is at the top, gets a golden parachute and a pat on the backside to ensure that the door doesn’t hit him on the way out. The wheels are greased and everyone thinks the right thing is being done. But this Board obviously saw no need to reward people who created the crisis in the first place. Hopefully this Board will set a precedent for the many situations which will undoubtedly follow in the business world.

CEO’s should pay a price when they do something illegal, or in violation of a company’s ethical standards. All companies should take a page from this playbook. Don’t deplete the assets of your company even more after a crisis by rewarding bad behavior. It adds insult to injury to your shareholders and other stakeholders. CEO’s and others in top management need to receive what they deserve. If they earn a walk out the door, they are not entitled to a fat paycheck. It’s one thing if the chemistry isn’t right or the results are disappointing. It’s another thing if a person has left his company high and dry, bleeding from bad decisions and actions that have done harm. It’s time to change the ugly unwritten understanding between boards and their managements that says that the upper echelon is a fraternity whose members are entitled to hop from company to company accumulating prizes while their reputations remain unscathed, regardless of their perfidy or incompetence.

Covering for the organization rarely works. Neither does the belief that an organization is so strong and respected that it exits on a level all its own.PennStateofficials found that out recently and now the BBC is suffering from the same ill-advised mentality. Whistle-blowing is a separate but related topic but the concerted effort of many in positions of power at an organization to hide something or sweep it under the rug deserves special attention.

For many years a popular, long-time host at BBC, Jimmy Savile, was suspected of sexually abusing young people, sometimes even at the premises of the BBC. The Company recently came under blistering attack when it was learned that an investigation of Savile had been cancelled by the editor of BBC’s Newsnight program last year. Newsnight is an important current affairs program of the BBC. Mark Thompson, the BBC’s Director General until last month (and who is destined to join the New York Times shortly) claims to have had no knowledge of the accusations against Savile although there were many opportunities to delve into the matter if he chose to do so.

Within the last week and in a matter of weeks since Thompson’s departure, his successor, George Entwistle, resigned because of another flap, again involving Newsnight, which wrongly implicated a Conservative Party politician in a pedophile scandal inWales. And just yesterday the BBC’s Director of News, Helen Boaden and her deputy, Stephen Mitchell announced that they have “stepped aside”.

The upshot is that there is turmoil at the BBC. There is a lack of control and the Chairman of the BBC Trust has acknowledged that the organization is in a ghastly mess and in need of a thorough overhaul.

How does any organization get itself into this type of crisis and what types of crisis management are called for? First, hubris plays a significant role. When an organization attains a stratospheric reputation such as that of the BBC, those who personify it not only begin to believe in its infallibility but also in their own. Heightened reputations beget dizzying overconfidence. Secondly, there is a tendency of employees, whether they be worker bees or top management to put their employer above all else. Not many people want to be held responsible for the decline or unraveling of an organization. Most want to be team players, no matter what they know and no matter what they really think about their place of work.

Crisis management calls for continual checks and balances. An organization cannot continue to coast, as many do, on old and outdated reputations. It is incumbent on top management, and lower levels in turn, to clarify lines of responsibility and authority, to define the values of the organization, to impose clear lines of accountability and to review regularly issues that arise. Often, top management wishes to be insulated from bad decisions already made, and hard decisions that need to be made, even with the knowledge that, more often than not, the buck stops with them and they may be the sacrificial lambs regardless.

Crisis management does not just mean planning to avoid a crisis if possible. Nor does it just mean managing a crisis once it hits. It also means taking steps to mitigate a crisis in the works. A CEO and his/her lieutenants are charged with monitoring the ship as a captain of a vessel or plane would. Rectifying what is wrong is a vital part of the job. Time does not absorb and dissolve a bad decision. It only heightens the culpability of the parties who either made no attempt to rectify it or tried to white-wash it. This is a hard lesson for people such as the former President of Penn State and the late Joe Paterno. It is a hard lesson for the former and current management of the BBC.

One of the most evident communications failures in the aftermath of Hurricane Sandy involved the ING New York City Marathon. Unquestionably the success of the Marathon paled in comparison to the misery heaped on New York (and New Jersey and Connecticut) residents who should of course have received and should continue to receive immediate and effective relief.

However, I cannot understand why the Marathon could not have been transformed into a major vehicle for focusing attention on and creating relief efforts for the residents of Staten Island, and The Rockaways, the areas ofNew Yorkthe most severely damaged. I believe that the event could have been salvaged and made into something extraordinarily constructive instead of seemingly distractive and frivolous.

During the week of the storm Mayor Bloomberg kept announcing that theMarathonwould go on. He justified the decision by saying it would be good for New Yorkers. It would bring the City together and lift everyone’s spirits. He also stated that no resources would be diverted from the relief effort. This comment, although true, was weak in light of the dozens of generators seen being transported toCentral Park for the traditional pasta dinner, and the numerous port-a-potties being installed near the starting line. Granted these resources were private but it all seemed so selfish. This was crisis management and crisis communication at its worst.

What might have happened if the following had occurred? Mayor Bloomberg and Mary Wittenberg, president and CEO of the New York Road Runners (NYRR) jointly announced that theMarathonwas being renamed the Sandy Relief Marathon. The prize money was being donated immediately to the relief effort. The pasta dinner was cancelled and all generators and other private resources were being transferred to stricken areas. All port-a-potties were available immediately to the public. A telethon was being established for call-in donations during the race. All runners were being encouraged to donate their time in the coming days to support efforts. And so on.

The perception and the reality of theMarathonwould have been transformed into a humanitarian effort. That’s the way it should have been, instead of being billed as a cheer-leading, feel-good effort. Good crisis management in the Mayor’s Office and the NYRR was lacking. They had the time to make it happen but not the imagination or creativity. The resulting cancellation on the Friday before the event was a fiasco. An embarrassment for both the Mayor and the NYRR. The financial loss to the City is in the untold millions. The damage to the reputation to the event and the Road Runners organization remains to be seen. Certainly the thousands who travelled from abroad to participate now have a bitter taste in their mouths. The most common reaction was – We understand cancelling the event but why wait until Friday. If you had cancelled earlier in the week we could have saved the trip and our airfare.

We can only hope that nothing befalls the tri-state area again likeSandy, but if it does more intelligent and creative minds should grapple with a situation like theMarathonand utilize the notoriety of such an event to good and productive use. Obviously it is easier in hindsight to come up with ideas, but doing what’s right, sacrificing certain elements of an event and willingly taking two steps back in order to take one step forward would have burnished the image of the Marathon instead of tarnishing it. Trying to salvage an event in its entirety was and is perceived as putting yourself first. Placing the needs of those devastated bySandyfirst, and sacrificing some of theMarathon’s bells and whistles might have just garnered a lot more respect and kept a version of the race intact. Now NYRR has to renegotiate with product sponsors, ESPN and local affiliate WABC, and the participants themselves. It difficult to envision it coming out a true winner.

A little over a year ago I wrote a critical article on the abrupt firing of Yahoo’s CEO, Carol Bartz. The removal of Bartz was done without any succession planning and left the company floundering and rudderless.

On Tuesday, October 16, 2012 Citigroup lost its CEO, Vikram Pandit, under different but similar circumstances. Pandit chose to resign rather than be fired and the financial universe, although shocked, expressed its approval with an increase in the company’s stock price from under $35 a share at the end of Monday’s trading to slightly over $38 this Thursday morning.

The board of Citigroup has changed dramatically since the beginning of the severe financial strains five years ago. The board is now much more independent and focused on bank operations, especially since Michael O’Neill took over the helm as chairman in April of this year. This, of course, is a very good thing. The company had suffered under a rubber-stamp board ever since the Sandy Weill era.

Essentially, Pandit inherited a mess, made some good calls in divesting poor performing assets over the last couple of years, took a $1 salary in 2009 and 2010, and returned the company to profitability in 2010. Yet progress was slow. The share price had lost 89% of its value, the company had to recently eat a multi-billion dollar write-down of its stake in a joint venture with Morgan Stanley, and had to suffer the humiliation of not being allowed by the Federal Reserve to launch its stock buy-back plan, even though Pandit had supposedly built strong relations with Reserve Board members. It has been doing poorly compared to JPMorgan Chase and Wells Fargo. Clearly this was a cumulative crisis that had been gathering steam over several years. Pandit had done some good things, there is no question, but overall the situation had reached crisis proportions that called for the board to take dramatic steps

O’Neill is known as a tough cookie, and newer board members are no shrinking violets either. The time had come to take action. O’Neill had had conversations with Michael Corbat, Citi’s CEO for Europe, the Middle East andAfrica. The stage, therefore, had been set for succession, so it was quite clear that a transition was going to take place. The question was merely when. Apparently, some altercation between Pandit and O’Neill or other board members ensued the day before and ultimately Pandit was told he could resign or be fired.

Several things stand out. First, there is now an activist board at the bank. Second, Citigroup remained a limping giant and dramatic measures were necessary. Third, the consensus was that Vikram Pandit was not the man for the job. Under the circumstances one might wonder why it took as long as it did to make this move. Finally, the board was prepared and the succession was swift and neat. There were three surviving bank CEO’s from the financial crisis as of the end of last week. Now there are only two.

Vikram Pandit did his best. It wasn’t enough. Some outsiders like Sheila Blair, former head of the FDIC, felt that he was not the right man for the job. but it took a change in the board – fresh faces – to recognize the problem and do something about it. This is crisis management in action, perhaps a bit slower than investors would have liked, nevertheless a smart move that will auger well for the bank over the next couple of years. Big banks, crucial to the well being of our country as well as to its investors, must engage in crisis planning and be ready for the unexpected. At the onset of the financial crisis the banking and investment community was clueless about crisis management even though all the clues necessary had been served up on a silver platter. It didn’t have the will to do anything but push the can down the road. The ostrich approach to crisis management has proven time and time again to be a disaster. It is even more of a disaster when after the crisis has hit the reaction to it is sluggish. Dramatic times call for dramatic action. Vikram Pandit wasn’t dramatic enough. His board finally was. Hopefully Michael Corbat sees the problems and will implement solutions quickly to right the ship.

On September 8, 2012 The New York Times ran a front page story about Marcone, a company that may well be the largest authorized dealer of appliance parts in theU.S. it’s been around since 1932.The reason for its front page notoriety is due to one of its senior vice presidents, Carlos Garcia, buying, essentially smuggling, and reselling large quantities of a banned refrigerant for appliances such as refrigerators and air conditioners. Garcia imported the gas, HCF-22 which damages the ozone layer, without the necessary approvals, thereby violating international treaties andU.S.law. The substance has been prohibited in new appliances since 2010. In June, Garcia was sentenced to 13 months in jail.

Faced with a tempting or risky issue, a powerful person, a powerful company, a powerful country is most likely still to believe that there is a good chance of getting away with something. Lie low and time will make the issue recede into history. Put a band aid on and no one will dare to pierce your impenetrable shell. This is what happened to Wal-Mart in April of this year when its Mexican subsidiary was exposed as having engaged in pervasive bribery as a normal course of business. What would have happened if Wal-Mart had entertained a genuine independent internal investigation when it had the opportunity, and made those findings known to the Justice Department and to the State ofMexico? There would have been a much smaller story. Wal-Mart would at least have been accused of being honorable. Its reputation for integrity would have been burnished. It would have paid a price but perhaps not as steep a price as it will now pay.

Why don’t people get it? Because there is a gambler in all of us, even when the odds are poor. Is there a chance we can get away with something? Let’s give it a try. What do we have to lose? Ask Richard Nixon. Ask Bill Clinton. Ask all those who have tried to wheedle their way out of messes only to get caught. Ah but then again there is always that other guy, the guy who got away with it. We should follow him. He’s a smart guy. He knew the angles. If he could do it, we can too. Right now things are calm. Let’s not rock the boat. But in the long run the straight-shooter almost always wins.

What’s the lesson for CEO’s of organizations? It’s simple really. Every organization has a “culture”. An integral part of that culture should be a requirement for high ethical standards, communicated from the top down. Transmitting the idea of winning at any cost will most likely ensure that some manager or employee down the chain will misconstrue the message and take ridiculous liberties in order to be noticed. Turning a blind eye to actions that are suspect bears the same message, even if it takes a little longer to filter down. Excessive emphasis on the bottom line can put extraordinary pressure on executives and managers to wring blood out of a stone and look for routes that will pay huge rewards, oftentimes the risk be damned. Johnson & Johnson has certainly paid a huge price to its reputation under the leadership of William Weldon, who retired as CEO just a few months ago. Under his guidance J&J’s wonderful standing in the eyes of the public has plummeted. The number of recalls, dirty facilities and end-runs around regulations over the last several years have contributed to the erosion of its sterling reputation of putting the consumer first as it did in the Tylenol scare of 1982.

What can a CEO do? First establish a no tolerance rule for non-ethical behavior. Anyone whose conduct exceeds the bounds of propriety is gone. Second, very careful employment screening is a must. Thirdly, establish ethical standards. Easier said than done? Perhaps but the effort should be made. Obviously if certain conduct is illegal, then it clearly has no place in the organization. beyond that if conduct is egregious enough to create the valid claim of negligence or breach of contract it should not be tolerated. Finally, if conduct would offend any one class or more of your stakeholders then it should be carefully considered. No organization should take an action that has the potential for angering its customers or clients, its investors, suppliers, employees, government officials, the public at large or the media. Of course, angering your competition is a different story, unless it angers the public at large and boomerangs.

No organization can protect itself against the errant employee who may jeopardize its reputation, legal standing or success. Nevertheless, it is imperative that the CEO and the board of any entity establish the rules of conduct by which it wishes to be known and respected.

The term crisis management itself is enough to send executives and managers scurrying back to their desks, burying their heads in papers so they can be overlooked. If one is tapped to head a pre-crisis management team, it’s like being the designated fire marshal for your floor in the building. If you are appointed to manage a post-crisis event, you may have everything to lose and nothing to gain. After all you may be in the cross hairs of public opinion and totally distracted from your regular role in sales, marketing, advertising, or finance.

But crisis management is a vital function. It should be recognized as such by the CEO of any organization and communicated down the chain. Any one event, whether due to totally external factors or self created, a crisis can set an organization back years or deep six it, if not handled properly. Handling that one event may well far outweigh for example the importance of the market roll-out of a new product.

Pre-crisis management is preventative in nature. It helps you avoid a crisis. It also prepares you for handling a crisis in the event one occurs.

Post crisis management implements the plan you have prepared in anticipation of a crisis occurring.

So, what is a crisis. It can be any event or circumstance that has the potential for negatively impacting your organization whether it is damage to reputation, operations, markets, or products. Tainted, shoddy or defective products. High profile litigation. A government investigation. The resignation of a key officer. An environmental or natural disaster. n internet failure. Illegal employee activities. Computer data loss. A walkout or strike. The list goes on

The spill-over effect is the negative impact the event will have on your stakeholders – your customers, your suppliers, investors, employees, government officials, the public at large, the media. Major crises happen all the time. We have seen several recently and they are not pretty.PennStateof course, Wal-Mart’s Mexican subsidiary bribery story, Netflix’s pricing fiasco, Olympus Corporation’s cooked books, J&J’s poor handling of product recalls. These stories and many more underscore the necessity for pre-crisis management.

Of course we are not all Wal-Mart or Johnson & Johnson. But the owner of the local retail toy store has as much to gain from crisis management as the big boys. Bad press, damaged relationships, investor confidence, employee morale, supplier cut-offs, civil and criminal liability – none of these things happen only to giant institutions.

How to start. It’s easy. Brainstorm. No one can anticipate an exact crisis but we can all speculate as to what our organizations may be vulnerable. List these vulnerabilities and what you can do about them. Example: you are a farmer and need to protect yourself against weather-related events. Insurance coverage, smudge pots, protective coverings etc. may be your answer. Example: your supplier of critical components has had problems. Begin identifying and ordering from alternative sources of supply, vertical integration, overseas sources etc. may be your answer. Example: you produce or distribute products for human consumption. Check your sources for utmost reliability, third party liability insurance, random quality checks.

Other potential solutions to problems: alternate transportation sources, duplicate bookkeeping and records backup, key man insurance, family succession planning. All these actions, if circumstances warrant, can be extremely helpful in avoiding you being caught unaware.

Next, assemble a team, a core group made up of the CEO, your PR people and legal counsel. Identify those managers or employees who have the best in-depth knowledge and are capable of attacking a problem in their respective areas. Identify those managers and employees who are capable of succinctly explaining issues to top management and/or to the public. Assemble this team and assign roles. Ensure that you have an organized document management system in place that preserves data and information and be ready for fact finding. Develop a communications strategy which includes assigning responsibility for communication content and approval, and assigning the role of spokesperson. Recognize the need for different messages for different stakeholders. develop responses for different media, from press releases, on air responses and social media.

Don’t think you can handle everything in-house. Your attorney, your public relations consultant or those who you rely on for sage advice will come in handy. Outsiders have a broader perspective than you may have and can assist to anticipate problems, develop a plan, assist in investigations and document management, assess any legal exposure and help prepare public statements.

One observation I personally believe to be of utmost importance. If you look at some of the highly publicized crises of the day, many stem from lax ethics. Enhancing the bottom line has many times replaced the goal of doing the right thing, often at the expense of customers. Increasing short term profits may make a hero out of someone today but the actions taken to accomplish this may have severe repercussions to an organization tomorrow. A CEO can pressure everyone to redouble their efforts to increase revenues and profits and let employees find their own path or a CEO can communicate the need for high ethical standards which in the long run, will bear more fruit and allow everyone to come to work the next day. Crisis management especially crisis planning is a crucial effort to manage those events that have slipped by you. The worst and the best that can happen is that you will never have to implement your plan.

The JPMorgan $2 billion debacle stunned me as it did everyone else. It was like catching the self-righteous little kid with the smoking slingshot in his hand.

Well, not quite. I got to thinking. Yes, it’s true that Jamie Dimon has this holier than thou attitude and perhaps it’s nice to see him knocked down a peg or two. But many crises are without question caused by those employees who you think you know – but don’t. Or caused by the hierarchy or the controls you’ve established but which really don’t work. You look out over your domain and deem it good, but there is always someone or some circumstance or some poor decision that puts you and your company in the hot spot.

Yes, the buck stops here and the CEO should always take the rap (instead of throwing someone or a few people under the bus and taking the $23 million), but that doesn’t mean the CEO can really plug every hole that springs a leak. It would require too many thumbs. Dimon was frank and honest, but he did forget to say it was on his watch and he accepted full responsibility. You can’t have everything. But, what do you do when your trusted employee or employees do something dumb, or worse.

Several months ago I wrote about Charlie Sheen. I also wrote about Christian Dior’s John Galliano. For those who don’t recognize the names, suffice it to say that both of these guys gave their employers and themselves black eyes and heartburn. CBS and C.D. each acted fairly quickly and dumped its famous and talented employee, regardless of his value. They restructured. They went on and in a matter of a couple of weeks after their decisions, the crisis each faced disappeared.

Crisis management calls for decisive action. That doesn’t mean just dumping a perpetrator. It means analyzing a situation to see if the organization continues to be vulnerable. It means identifying the basic problem and rectifying it. Do potential employees have to be tested? Drugs? Psychological testing? Do they have to be supervised more closely? Should they be cleared to give public statements? Do employment contracts have to be tightened up? Do the work environments have to be more closely supervised? Do supervisors have to have greater responsibility for the conduct of their departments? Do department managers and regional vice presidents have to be more hands on? Should they be required to know all the employees under them? Should the work environments be evaluated for potential risk? Are there checks and balances? Are there activities being conducted that are beyond the scope or the purposes of the business or the established guidelines or policies of the company?

Crisis management should lead to problem solving not problem white-washing. JPMorgan Chase has to look well within itself to answer these types of questions. So does the rest of the banking industry. The crucial question that needs to be answered is whether the reins on the biggest banks should be tightened: re-institute Glass-Steagall? Put real teeth into the Volcker Rule? Something has got to give and the big boys should act like big boys. The financial fate of the nation depends on it and the right to massive profits is not justification for behavior that jeopardizes the well being of the country.

About

Michael Nayor is founder and CEO of the Rhodell Group, LLC, a consulting firm that provides comprehensive crisis management services. He is a graduate of Cornell University (B.S., M.B.A.), New York University School of Law (J.D.) and the State Department’s Foreign Service Institute advanced program in economics.